Privacy Policy

This privacy notice discloses the privacy practices for Scoold Cloud. This privacy notice applies solely to information collected by this Website. It will notify you of the following:

  1. What personally identifiable information is collected from you through the Website.
  2. How it is used and with whom it may be shared.
  3. What choices are available to you regarding the use of your data.
  4. The security procedures in place to protect the misuse of your information.
  5. How you can correct any inaccuracies in the information.

Information Collection, Use, and Sharing

We are the sole owners of the information collected on this site. We only have access to/collect information that you voluntarily give us via our Website, email or other direct contact from you. We will not sell or rent this information to anyone.

We will use your information to respond to you, regarding the reason you contacted us. We will not share your information with any third party outside of our organization, other than as necessary to fulfill your request, e.g. to ship an order.

Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Your Access to and Control Over Information

You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via email:

Security

We take precautions to protect your information. When you submit sensitive information via the Website, your information is protected both online and offline.

While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.

Registration

Registration for our Website is required. Registration is used by the Website to identify customers. Users must agree to our Terms of Service when they register. All contributed content, including private data (defined below), will be kept private and secure.

During registration a user is required to give certain information (such as name and email address). This information is used to contact you about the products/services on our site in which you have expressed interest. At your option, you may also provide demographic information (such as gender or age) about yourself, but it is not required. Your profile picture (avatar) is considered public and can be downloaded and re-used by other services, either scraped from the HTML interface or in bulk as FOAF files.

Cookies

We use "cookies" on this site. A cookie is a piece of data stored on a site visitor's hard drive to help us improve your access to our site and identify repeat visitors to our site. For instance, when we use a cookie to identify you, you would not have to log in a password more than once, thereby saving time while on our site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site. Usage of a cookie is in no way linked to any personally identifiable information on our site.

Some of our business partners may use cookies on our site (for example, advertisers). However, we have no access to or control over these cookies.

Sharing

We partner with another party to provide specific services. When the user signs up for these services, we will share names, or other contact information that is necessary for the third party to provide these services. These parties are not allowed to use personally identifiable information except for the purpose of providing these services.

The following data items are considered private data that won't be shared with other users, business partners, or the public at large:

Links

This Website contains links to other sites. Please be aware that we are not responsible for the content or privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of any other site that collects personally identifiable information.

Appendix: Data Processing Agreement (DPA)

This appendix forms an addition to the SaaS-agreement (the agreement) as agreed upon by Erudika Ltd., in the role of Processor, and Customer, in the role of Controller.

This appendix supersedes any arrangements previously made between the Parties with regard to the Processing of Personal Data.

The agreement between Processor and Controller applies to the Processing operation performed by Processor on the basis of the underlying assignment issued by Controller. The agreement refers to the specific service that provides the use of Scoold Pro product that is hosted by Processor.

The agreement and this corresponding appendix bind both parties at the time of signing and confirms the mutual rights and obligations of both parties. When a term is capitalized it refers to the meaning of the definition set out in Article 4 of the GDPR.

Article 1 Parties roles

Processor shall be regarded as Processor because of the performance of the underlying assignment and in respect of the Personal Data that Processor will process. The Controller shall be regarded as Controller.

Article 2 Purpose limitation

2.1 The Controller assigns and instructs the Processor to process the Personal Data on behalf of the Controller.

2.2 Processor shall process Controller data only in accordance with Controllers documented instructions as set forth in this Data Processing Agreement (hereafter DPA). Processor shall only process the Personal Data of Controller to the extent that the Processing is necessary for the performance of the agreement, never for its own benefit, for the benefit of Third Parties and/or for advertising and/or other purposes, as the case may be, unless a provision of EU law or Member State law applicable to the Processor obliges the Processor to process. In that case, the Processor shall notify the Controller in writing of this provision prior to Processing, unless such legislation prohibits such notification for important reasons of public interest.

Article 3 Subject matter, terms, Personal Data processed and categories of data subjects

3.1 The different categories of Personal Data processed by Processor are:

The different categories of data subjects are: employees, associates

3.2 Controller will not process any other data then personally identifiable information in the software. Personally identifiable information obtained through the recorder, must be blurred by using the censor functionality offered by the product. Processor does not carry any liability concerning sensitive data. This non-liability does extend to security incidents or other incidents involving sensitive data.

Article 4 Processor personnel

4.1 Processor shall take reasonable steps to ensure the reliability of any employee, agent, contractor, Sub-processor or any Third Party who may have access to the Personal Data of the Controller. Processor will ensure that access to the Personal Data is strictly limited to those individuals whose access is relevant for the purposes of the agreement or who need access to comply with Applicable Laws in the context of that individual’s duties to the contracted Processor. Processor will ensure that all fore mentioned individuals are subject to confidential obligations of professional or statutory nature.

Article 5 Technical and organizational measures

5.1 The Processor will take appropriate technical and organizational measures to ensure a level of security appropriate to the risk, so that the Processing meets the requirements of the GDPR and other applicable laws and regulations concerning the Processing of Personal Data and the protection of the rights of data subjects is guaranteed.

5.2 In assessing the appropriate level of security, the Processor shall take into account the state of the art, the newest developments, the cost of implementation, as well as the nature, scope, context and purposes of Processing, and the various risks to the rights and freedoms of individuals in terms of probability and seriousness, especially as a result of the destruction, loss, alteration or unauthorized disclosure of or access to data transmitted, stored or otherwise processed, whether accidentally or unlawfully.

Article 6 Audits

6.1 Controller has the right to carry out inspections or to have them carried out by an auditor appointed on a case-by-case basis. The auditor shall assess the Processor's compliance with this DPA in its business operations by means of random checks, of which the Processor will be notified in advance.

6.2 Processor shall allow the Controller to verify compliance with its obligations as provided by article 28 GDPR. The Processor undertakes to give the Controller the necessary information on request and, in particular, to demonstrate the implementation of the technical and organizational measures.

6.3 Evidence of the implementation of such measures, which may not only concern the activities under this DPA, may also be provided by:

6.4 Processor may charge a reasonable fee to the Controller for enabling inspections.

Article 7 Personal Data Breach

7.1 Without unreasonable delay and within 24 hours upon discovering a Personal Data Breach, the Processor shall inform the Controller. The Processor shall inform the Controller via the contact person. The Processor warrants that the information provided, to the best of the Processor's knowledge at that time, is complete, correct, and accurate.

7.2 If it is not possible for the Processor to provide all information from the data breaches form published by the data protection authority simultaneously, the information may be provided to the Controller in stages without unreasonable delay.

7.3 The Processor has adequate policies and procedures in place to ensure that it can:

  1. Detect Personal Data Breaches at the earliest possible stage.
  2. Inform the Controller of any Personal Data Breach in accordance with article 6.1.
  3. Respond adequately and promptly to any Personal Data Breach.
  4. Prevent or limit any further unauthorized disclosure, alteration and provision or otherwise unlawful Processing and prevent its recurrence.

7.4 The Processor will refrain from reporting Personal Data Breaches to the Supervisory Authority and/or the affected data subjects, unless expressly requested to do so in writing by the Controller.

Article 8 Data subjects rights

8.1 Processor undertakes to provide full cooperation and assistance, as it may be reasonably possible, in order to assist the Controller in responding to data subjects' requests for the exercising of their rights.

8.2 In particular, Processor undertakes to (i) immediately communicate to the Controller any request received by data subjects concerning the exercising of their rights and, if feasible and appropriate, to (ii) enable the Controller to design and deploy all the technical and organizational measures necessary to answer the data subjects' requests.

8.3 Notwithstanding the fact that the Controller bears the responsibility to respond to the data subjects' requests, the Processor can accept to be tasked with the fulfilment of some specific requests, provided that such tasks do not require disproportionate efforts from the Processor and that the Controllers provides detailed instructions in writing.

8.4 Processor may charge a reasonable fee to the Controller for providing cooperation and assistance in responding to data subject’s requests for exercising of their rights.

Article 9 Assistance to the Controller

9.1 The Processor shall provide the Controller with all necessary assistance and cooperation in enforcing the obligations of the Parties under the GDPR and other applicable laws and regulations concerning the Processing of Personal Data. To the extent that such assistance relates to the Processing of Personal Data f or the purpose of the performance of the agreement, the Processor shall in any event provide the Controller with such assistance relating to:

  1. The security of Personal Data.
  2. Performing checks and audits.
  3. Performing DPIAs.
  4. Prior consultation with the Supervisory Authority.
  5. Responding to requests from the Supervisory Authority or another government body.
  6. Responding to requests from data subjects. (vii)Reporting Personal Data Breaches.

9.2 Processor may charge the Controller a reasonable fee for support services which are not included in the description of the services and which are not attributable to the Processor's misconduct, mistakes or infringements.

Article 10 Transfer of Personal Data

10.1 Both parties mutually acknowledge and agree that the data processing activities under this agreement will not take place outside of the European Economic Area.

Article 11 Sub-processors

11.1 Processor may engage or replace a Sub-processor for the performance of Processor's Processing of Personal Data under the DPA.

11.2 The Processor shall inform, in writing, the Controller in the event of changing Sub-processors no later than one (1) month prior to intended changes regarding the addition, replacement or removal of Sub-processors whereby the Controller shall be given the opportunity to object to these changes in writing within one (1) month after the Controller has been informed by the Processor of the intended change.

11.3 The Controller is entitled to terminate the agreement if they can’t come to an agreement on the change of a Sub-processor.

11.4 Processor shall enter into a written agreement with each Sub-processor containing data protection obligations that provide, at minimum, the same level of protection for Controller data as set in this DPA, to the extent applicable to the nature of the service provided by such Sub-processor.

11.5 The Sub-processors engaged by the Processor in the performance of the DPA are:

Article 12 Cooperation with Supervisory Authorities

12.1 The Controller and the Processor shall cooperate, on request, with the Supervisory Authority. The Controller shall be informed immediately of any inspections and measures executed by the Supervisory Authority, insofar as they relate to the activities under this DPA.

Article 13 Retention period of Personal Data

13.1 Processor does not store Personal Data that are processed longer than is necessary for the aforementioned purposes of data Processing or on the basis of laws and regulations (with due observance of the retention periods resting on us).

Article 14 Liability

14.1 Each party to this DPA commits to indemnify the other party for damages or expenses resulting from its own culpable infringement of this DPA, including any culpable infringement committed by its legal Representative, subcontractors, employees or any other agents. Furthermore, each party commits to indemnify the other party against any claim exerted by Third Parties due to, or in connection with, any culpable infringement by the respectively other party.

14.2 Article 82 GDPR stays unaffected.

14.3 Each Party is obliged to inform the other Party without undue delay of any (possible) liability claim or the (possible) imposition of a fine by the Supervisory Authority, both in connection with the DPA. Each Party is obliged in all reasonableness to provide the other Party with information and/or support for the purpose of putting up a defence against a (possible) liability claim or fine as referred to in the previous sentence. The Party providing information and/or support is entitled to charge any reasonable costs in this respect to the other Party; the Parties shall inform each other as much as possible in advance of these costs.

Article 15 Duration and termination

15.1 The duration of the DPA is equal to the duration of the agreement. The DPA cannot be terminated separately from the agreement. Upon termination of the agreement, the DPA ends by operation of law and vice versa.

Article 16 Deletion and return of Personal Data

16.1 Processor shall not create copies or duplicates of the data without the Controllers knowledge and Consent, except for backup copies, insofar as they are necessary for ensuring that data is processed correctly, and where the retention of such data is required by law.

16.2 After conclusion of the provision of services, Processor shall, at the Controllers choice, either delete in a data-protection compliant manner or return to the Controller, all the Personal Data collected and processed under this DPA, unless any applicable legal provision requires further storage of the Personal Data.

16.3 In any case Processor may retain beyond termination of the contract all the information necessary to demonstrate the compliance of the Processing activities carried out.

16.4 The documentation referred to under point (3) above, shall be stored by Processor in accordance with the applicable retention periods, statutory or otherwise determined. Processor may hand the documentation over to the Controller upon termination of the agreement. In such case, Processor is relieved from any obligation to keep such documentation.

Article 17 Applicable law and dispute resolution

17.1 The DPA and its performance are governed by Bulgarian law.

17.2 All disputes arising between the Parties in connection with the DPA shall be submitted to the competent court in the place where the Controller has its registered office.

Article 18 Data Protection Officer

18.1 Alexander Bogdanovski, managing director at Erudika is designated as the contact person on behalf of the Processor.

Contact Erudika

If you have any questions about this privacy policy or Erudika's treatment of your personal information, please get in touch with us:

 

Get updates on Twitter