Safeguarding privacy is a key aspect of Additio App. Therefore we have adopted internal policies and implemented the appropriate measures to meet the highest quality standards in accordance with Regulation (EU) 2016/679 of the European Parliament and Council, dated 27 April 2016, (GDPR), relating to the protection of natural individuals with regard to the processing and free movement of personal data.

That is why we have taken into account the principles of data protection when it comes to design and while creating Additio App in order to honour the confidence vested in us by the users, keeping their data private and safe.  

The information in this page is aimed to provide transparency on how we protect that data.

Our team will continue expanding and updating this information as we add new capabilities and security improvements to our products. At Additio App we are committed to using the best technology and providing the highest levels of security.

Everything we do in Additio App follows four simple rules

DATA IS YOURS

YOUR DATA ARE PROTECTED

YOUR DATA ARE EXPORTABLE

WE ARE TRANSPARENTS

Data security. This means everything to us.

All information is stored on servers of Hetzner and Amazon Web Services (AWS), two of the most trusted and safest companies among those offering cloud-based solutions.

Our website and our apps use Secure Sockets Layer (SSL) to protect your data with 256-bit encryption and the best industry standards for authentication and identification to ensure your data is secure during communications.

Basic information on data processing

In accordance with Organic Law 15/1999, dated 13 December, on Personal Data Protection, and Regulation (EU) 2016/679 of European Parliament and Council, dated 27 April 2016, (GDPR), we offer the following information on the processing of your personal data:

Data controller DIDACTIC LABS S.L.
Data processing purpose Offer and manage our services and products for the education sector.
Legitimacy of the processing The processing is necessary to use the Additio App application, and that’s why we request the consent of the users. They are are entitled to withdraw their consent it at any moment.
Data origin Data will be provided by the users, school centers or teachers that use Additio App.
Data communication Your data will be passed on to the public administrations, as long as it is required by the current legislation, and to all those institutions whenever it is necessary to fulfill the purpose of the processing.
Data processor The third parties that provide services for the maintenance of the application are based in the UE or are under the Privacy Shield agreement.
Rights The individuals concerned are entitled to exercise the rights of access, rectification, processing limitation, elimination, portability and opposition against the data controller. Moreover, they can turn to the competent supervisory authority to assert any claim they deem appropriate.
Additional Information Additional and detailed information on the data processing are available below under section “Frequently asked questions about privacy”.

Access to information

The information of the teachers and students introduced in Additio App is only accessible by teachers and schools. At school, the administrator grants access permission to all staff members, but can not access their data.

Information privacy

Additio App takes data and privacy security very seriously. Our engineers have worked hard to protect sensitive data and encrypt communications, which helps keep the system safe.

We do not sell personal information to third parties and we will only use your information in accordance with our privacy policy. Teachers can upload the data, and can access, download or specifically request the data in info@additioapp.com

Additio App does not rent or sell any information related to students or teachers, to third parties for marketing or advertising purposes.

Students can not communicate privately with others. The teacher manages his students and there is no possibility of contact or exchange of data or similar between them.

Daily backups

All the information that is synchronized between the applications and the web version is backed up every day and sent to another server for double security in case something happens to the main servers, being able to restore all the information without any problem and in a minimum time.

Download the data whenever you want

You can export and download all your Additio App data with a very easy process. In a few steps, you can create an Excel file to save your files or use the data in another service. Here you can know more about this functionality.

Billing and banking information

Additio App does not store any confidential banking information and has included the highest levels of encryption for bank transfers. For that reason, we work with two of the most prestigious companies to collect payments: PayPal and Stripe. They are responsible for collecting payments so that it is not necessary to store any confidential banking information on our servers. All teachers who use the Additio App for payment must complete a two-step authentication process to verify their accounts.

Frequently asked questions about privacy

Who is your data controller?

Identity: DIDACTIC LABS S.L. (hereafter referred as Additio App)

Tax identification code: B55240162

Address: 10 Bescanó, 17007 Girona (Spain)

Phone number: +34 972 18 32 14

Email: info@additioapp.com

Privacy manager:

Contact: http://www.additioapp.com/contactar

For what purpose do we process your personal data?

In Additio App we process the data that the individuals concerned provide us in order to offer and manage our services and products for the education sector.

How long are we going to keep your data?

The provided personal data will be kept as long as the individuals concerned use Additio App.

As Additio App is aimed at school management, not using the application for a long time is seen as having lost its purpose. Therefore, in the event that a user registered in Additio App keeps their account inactive for more than 12 months in a row, we will proceed to delete the account and all data associated with it.

What is the legitimacy of processing your data?

The legal basis for processing your data is the consent Additio App’s users give the school center or teacher to use the application, and the one they give at the moment of signing up for it.

What recipients is your data going to be transmitted to?

Additio App contracts its virtual infrastructure following a cloud computing model. To that end we use the services of Hetzner Online GmbH, based in Germany, which is compliant with the Federal Data Protection Act (BDSG) and the Tele Media Act (TMG), its privacy policy being available at: Data privacy. We also use Amazon Web Services and Google’s Firebase, both under the provisions of the EU-US Privacy Shield framework. Information available at: Amazon.com, Inc, and Google LLC.

What rights are you entitled to when you provide us with your data?

  • Anyone is entitled to obtain confirmation related to whether in Additio App we are processing personal data that concerns them or not.
  • The individuals concerned shall have the right to access to their personal data, as well as to request the rectification of any inexact data or the deletion of such when, among other reasons, that data is not needed anymore for the purpose it was collected.
  • In certain circumstances, the individuals concerned might request limitation of processing of their data, in which case we will only keep it for the exercise or defence of claims.
  • In certain circumstances and for reasons relating to their particular situation, the individuals concerned might be able to object to the processing of their data. Additio App will then stop processing such data, except for compelling legitimate grounds or the exercise or defence of potential claims.
  • The individuals concerned are entitled to the portability of their data.
  • Finally, the individuals concerned can turn to the competent supervisory authority to assert any claim they deem appropriate.

How do we collect your data?

  • Some of the personal data we process in Additio App is provided by the individual concerned at the moment of signing up for the application, but most of the collected data refers to the one the school centers and/or teachers process through Additio App with their consent.
  • The categories of the processed data are the following:
    1. Identification data
    2. Identification keys or codes
    3. Postal and email addresses
    4. Academic information
  • Data is limited, as we only process that needed for the effective use of Edvoice.
  • Data specially protected is not processed, although it being minors’ data we are aware of the fact that it is sensitive data. Therefore, we have put a particular emphasis on that data being processed with the required legal consent, as well as on applying the security measures needed to safeguard it.

What security measures do we apply?

After carefully analyzing the data processing that is to be performed, we have taken the required security measures to make sure that the security level against the risk of such processing is appropriate, through mechanisms that allow us to guarantee the confidentiality, integrity, availability and permanent resilience of the systems and services of processing.

Additio App implements the security measures provided under article 32 of the GDPR and those required by Royal Decree 1720/2007, of 21 December, which approves the Regulation implementing Organic Law 15/1999, of 13 December, on the Protection of Personal Data.

How do we process data on behalf of third parties?

The data controller is the school center or the teacher that uses the services of Additio App, so we will process that data for the appropriate provision of our services, doing it as data processor, as established in article 28 of the Regulation (EU)  2016/679 of the European Parliament and the Council, dated 27 April 2016 (GDPR). Thus Additio App will:

  1. Process the personal data only following documented instructions from the controller, including with respect to personal data transfers to a third country or international organization, unless it is obliged to it in accordance with the Member States or Union law that applies to Additio App. In that case, Additio App will inform the controller of that legal requirement prior to the processing, unless that law forbids it for important reasons of public interest.
  2. Guarantee that the authorized individuals to process personal data have committed to respect confidentiality or are subject to an obligation of confidentiality of statutory nature.
  3. Take all necessary security measures in accordance with article 32 (GDPR).
  4. Respect the specified conditions indicated in the GDPR to turn to another data processor.
  5. Assist the controller, taking into account the nature of the processing through appropriate technical and organizational measures, as long as it is possible, so that they can fulfill their obligation to respond to requests with the aim of exercising the rights of the individuals concerned established in chapter III of the GDPR.
  6. Help the controller ensure compliance with the obligations established in articles 32-36 of the GDPR, in consideration of the processing nature and the information available to the processor.
  7. Delete or return, at the discretion of the controller, all personal data once the provision of processing services has finished, and will delete the existing copies unless the keeping of personal data is required by the Member States or Union law.
  8. Provide the data controller with all required information to prove compliance with the established obligations in article 28 of the GDPR, as well as to allow and contribute to carrying out audits, including inspections, by the controller or another auditor authorized by such individual.

Additio App informs the data controllar that subcontracts its virtual infrastructure of cloud computing with Hetzner Online GmbH, based in Germany, which is compliant with the Federal Data Protection Act (BDSG) and the Tele Media Act (TMG), its privacy policy being available at Data privacy, and with Amazon Web Services and Google’s Firebase, both under the provisions of the EU-US Privacy Shield framework. Information available at Amazon.com, Inc and Google LLC.

 

Exclusion of liability

The school center and/or teacher is under obligation to obtain the data that is going to process in Additio App following the legal prescriptions established in the regulations relating to the personal data protection. And specially has to obtain the consent of the parents or legal guardians of the students under the age of 16, or, as the case may be, the minimum age for children to give their consent established by the legislation of the State in which they are located, as provided in article 8.1 of the GDPR.

Additio App accepts no responsibility for any failure by the school center and/or teacher to comply with the obligations derivative of the GDPR, and/or any other current regulation in the part in which its activity corresponds and which is related to the execution of the contracted services or any other relationship it has with Additio App.

 

What happens if I have more questions?

If you have any questions or concerns about these or similar issues, please send an email to info@additioapp.com