Security and privacy

The security and privacy of the data is the most important thing for us. You will always have full control over your data and it will be completely anonymous.
Safety, the most important thing for us
Safety, the most important thing for us

Safeguarding privacy is a key aspect of Edvoice. Therefore we have adopted internal policies and implemented the appropriate measures to meet the highest quality standards in accordance with Regulation (EU) 2016/679 of the European Parliament and Council, dated 27 April 2016, (GDPR), relating to the protection of natural individuals with regard to the processing and free movement of personal data.

 

That is why we have taken into account the principles of data protection when it comes to design and while creating Edvoice in order to honour the confidence vested in us by the users, keeping their data private and safe. The information in this page is aimed to provide transparency on how we protect that data.

 

Our team will continue expanding and updating this information as we add new capabilities and security improvements to our products. At Edvoice we are committed to using the best technology and providing the highest levels of security.

Property
Property
The data is yours
Security
Security
Your data is protected
Export
Export
Your data is exportable
Transparency
Transparency
We are transparent
Data security. This means everything to us.

Basic information on data processing

Specifications table

In accordance with Organic Law 15/1999, dated 13 December, on Personal Data Protection, and Regulation (EU) 2016/679 of European Parliament and Council, dated 27 April 2016, (GDPR), we offer the following information on the processing of your personal data:

Data controller DIDACTIC LABS S.L.
Data processing purpose Managing the Edvoice application to improve the communication between school centers, teachers, students and families.
Legitimacy of the processing The processing is necessary to use the Edvoice application, and that’s why we request the consent of the users. They are are entitled to withdraw their consent it at any moment.
Data origin Data will be provided by the users, school centers or teachers that use Edvoice.
Data communication Your data will be passed on to the public administrations, as long as it is required by the current legislation, and to all those institutions whenever it is necessary to fulfill the purpose of the processing.
Data processor The third parties that provide services for the maintenance of the application are based in the UE or are under the Privacy Shield agreement.
Rights The individuals concerned are entitled to exercise the rights of access, rectification, processing limitation, elimination, portability and opposition against the data controller. Moreover, they can turn to the competent supervisory authority to assert any claim they deem appropriate.
Additional Information Additional and detailed information on the data processing are available below under section “Frequently asked questions about privacy”.

Access to information

The information introduced in Edvoice is only accessible by schools, teachers, students and their parents according to their permissions, accessing only the information that concerns them.

Information privacy

Edvoice takes data and privacy security very seriously. Our engineers have worked hard to protect sensitive data and encrypt communications, which helps keep the system safe.

We do not sell personal information to third parties and we will only use your information in accordance with our privacy policy. Teachers can upload the data, and can access, download or specifically request the data in [email protected]

Edvoice does not rent or sell any information related to students or teachers, to third parties for marketing or advertising purposes.

Schools and teachers are the ones that send access codes to students and parents so that they can use the application and receive the messages through Edvoice. It is schools and teachers who manage their students and which groups they have access to.

Daily backups

All the information in Edvoice is backed up every day and sent to another server for double security in case something happens to the main servers, being able to restore all the information without any problem and in a minimum time.

Download the data whenever you want

You can export and download all your “stories” data from Edvoice with a very easy process.

Frequently asked questions about privacy

List of questions and answers

Who is your data controller?

Identity: DIDACTIC LABS S.L. (hereafter referred as Additio App)

Tax identification code: B55240162

Address: Parc Científic i Tecnològic. C/Emili Grahit, 91. Edifici Monturiol. Planta 1, oficina B02-03-04 17003 Girona

Phone number: +34 972 18 32 14

Email: [email protected]

Privacy manager:

Contact: https://www.additioapp.com/contactar

For what purpose do we process your personal data?

In Additio App we process the data that the individuals concerned provide us in order to offer and manage our services and products for the education sector.

How long are we going to keep your data?

The provided personal data will be kept as long as the individuals concerned use Additio App.

As Additio App is aimed at school management, not using the application for a long time is seen as having lost its purpose. Therefore, in the event that a user registered in Additio App keeps their account inactive for more than 12 months in a row, we will proceed to delete the account and all data associated with it.

What is the legitimacy of processing your data?

The legal basis for processing your data is the consent Additio App’s users give the school center or teacher to use the application, and the one they give at the moment of signing up for it.

What recipients is your data going to be transmitted to?

Additio App contracts its virtual infrastructure following a cloud computing model. To that end we use the services of Hetzner Online GmbH, based in Germany, which is compliant with the Federal Data Protection Act (BDSG) and the Tele Media Act (TMG), its privacy policy being available at: Data privacy. We also use Amazon Web Services and Google’s Firebase, both under the provisions of the EU-US Privacy Shield framework. Information available at: Amazon.com, Inc, and Google LLC.

What rights are you entitled to when you provide us with your data?

  • Anyone is entitled to obtain confirmation related to whether in Additio App we are processing personal data that concerns them or not.
  • The individuals concerned shall have the right to access to their personal data, as well as to request the rectification of any inexact data or the deletion of such when, among other reasons, that data is not needed anymore for the purpose it was collected.
  • In certain circumstances, the individuals concerned might request limitation of processing of their data, in which case we will only keep it for the exercise or defence of claims.
  • In certain circumstances and for reasons relating to their particular situation, the individuals concerned might be able to object to the processing of their data. Additio App will then stop processing such data, except for compelling legitimate grounds or the exercise or defence of potential claims.
  • The individuals concerned are entitled to the portability of their data.
  • Finally, the individuals concerned can turn to the competent supervisory authority to assert any claim they deem appropriate.

How do we collect your data?

  • Some of the personal data we process in Additio App is provided by the individual concerned at the moment of signing up for the application, but most of the collected data refers to the one the school centers and/or teachers process through Additio App with their consent.
  • The categories of the processed data are the following:
    1. Identification data
    2. Identification keys or codes
    3. Postal and email addresses
    4. Academic information
  • Data is limited, as we only process that needed for the effective use of Edvoice.
  • Data specially protected is not processed, although it being minors’ data we are aware of the fact that it is sensitive data. Therefore, we have put a particular emphasis on that data being processed with the required legal consent, as well as on applying the security measures needed to safeguard it.

What security measures do we apply?

After carefully analyzing the data processing that is to be performed, we have taken the required security measures to make sure that the security level against the risk of such processing is appropriate, through mechanisms that allow us to guarantee the confidentiality, integrity, availability and permanent resilience of the systems and services of processing.

Edvoice implements the security measures provided under article 32 of the GDPR and those required by Royal Decree 1720/2007, of 21 December, which approves the Regulation implementing Organic Law 15/1999, of 13 December, on the Protection of Personal Data.

How do we process data on behalf of third parties?

The data controller is the school center or the teacher that uses the services of Additio App, so we will process that data for the appropriate provision of our services, doing it as data processor, as established in article 28 of the Regulation (EU)  2016/679 of the European Parliament and the Council, dated 27 April 2016 (GDPR). Thus Additio App will:

  1. Process the personal data only following documented instructions from the controller, including with respect to personal data transfers to a third country or international organization, unless it is obliged to it in accordance with the Member States or Union law that applies to Additio App. In that case, Additio App will inform the controller of that legal requirement prior to the processing, unless that law forbids it for important reasons of public interest.
  2. Guarantee that the authorized individuals to process personal data have committed to respect confidentiality or are subject to an obligation of confidentiality of statutory nature.
  3. Take all necessary security measures in accordance with article 32 (GDPR).
  4. Respect the specified conditions indicated in the GDPR to turn to another data processor.
  5. Assist the controller, taking into account the nature of the processing through appropriate technical and organizational measures, as long as it is possible, so that they can fulfill their obligation to respond to requests with the aim of exercising the rights of the individuals concerned established in chapter III of the GDPR.
  6. Help the controller ensure compliance with the obligations established in articles 32-36 of the GDPR, in consideration of the processing nature and the information available to the processor.
  7. Delete or return, at the discretion of the controller, all personal data once the provision of processing services has finished, and will delete the existing copies unless the keeping of personal data is required by the Member States or Union law.
  8. Provide the data controller with all required information to prove compliance with the established obligations in article 28 of the GDPR, as well as to allow and contribute to carrying out audits, including inspections, by the controller or another auditor authorized by such individual.

Additio App informs the data controllar that subcontracts its virtual infrastructure of cloud computing with Hetzner Online GmbH, based in Germany, which is compliant with the Federal Data Protection Act (BDSG) and the Tele Media Act (TMG), its privacy policy being available at Data privacy, and with Amazon Web Services and Google’s Firebase, both under the provisions of the EU-US Privacy Shield framework. Information available at Amazon.com, Inc and Google LLC.

 

Exclusion of liability

The school center and/or teacher is under obligation to obtain the data that is going to process in Edvoice following the legal prescriptions established in the regulations relating to the personal data protection. And specially has to obtain the consent of the parents or legal guardians of the students under the age of 16, or, as the case may be, the minimum age for children to give their consent established by the legislation of the State in which they are located, as provided in article 8.1 of the GDPR.

Edvoice accepts no responsibility for any failure by the school center and/or teacher to comply with the obligations derivative of the GDPR, and/or any other current regulation in the part in which its activity corresponds and which is related to the execution of the contracted services or any other relationship it has with Edvoice.

What happens if I have more questions?

If you have any questions or concerns about these or similar issues, please send an email to [email protected]

Fed UE
Didactic Labs, within the framework of the ICEX Export Initiation Program, has had the support of ICEX and co-financing from the European FEDER fund, to contribute to the international development of the company and its environment.
Logos footer
Go up