We care about helping your children learn. Your trust is very important to us. This is why at Edplus (company name Edtopia Limited, company number 10018990) we take your and your child’s privacy and online safety extremely seriously.
We are a data controller and as such it is our duty to make sure you have knowledge of and control over your own personal data, which we are bound to keep safe at all times. The duty to protect your personal information or data is a legal responsibility under the European Union’s General Data Protection Regulation (“GDPR”).
It explains what personal information or data we collect from you, what we do with it and how we protect it. It sets out your rights in relation to the personal data we hold or process for you.
Why do we collect personal data?
Edplus is committed to improving the way our children learn. The purpose of our products and services is to help parents, guardians and teachers with their child’s education and knowledge development. We have a legitimate business interest in collecting the limited personal information needed in order to be able provide our personalised tuition service. This legitimate interest is the legal basis we have for collecting and processing your personal information.
Who do we collect personal data from?
What personal data do we collect from you?
We collect the minimum amount of personal data necessary to provide the Edplus service you request.
The personal information you give us when you sign up to use our service or receive news updates from Edplus comprises:
- your name and email address;
- your user ID (which is generated by us and allocated to you when you first use our app or play our games);
- details of the children with a profile on our database i.e. given name (or nickname) and year of birth;
- your device’s ID, make, model and operating system;
- the geographical location in which you are using the device;
- financial information (for example payment card details);
In addition to asking parents to provide children’s name and year or birth, we ask teachers to provide us with students names, class and school. This constitutes “directory information” as defined in the Family Educational Rights and Privacy Act (“FERPA”, in the USA) as well as being personal data as defined in the GDPR (in the EEA).
We also automatically collect non-personal information about how you or your child use our app. We track game play attempts and we keep a record of how your child is progressing, including their results..
What we do with your personal data
We only use your personal information to provide the Edplus service. This means we only use it where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- We use your child’s personal data to build their personal dynamic knowledge profile.
- We use your personal data to compile and send you real-time reports and updates of your child’s progress and detailed performance statistics. By creating an account, you are agreeing to receive emails concerning your or your child’s progress. You may unsubscribe from these.
- You may also consent to receive news or promotional material. We use your personal data to send this to you, usually by email. You may unsubscribe from these communications.
- Should you contact us for troubleshooting, support, complaints, comments or any other reason, we will use your personal information in order to successfully deal with your query.
How do we protect your personal data?
Because many of our users are children, we have taken special care to design our all our data processing with children in mind from the beginning and we take a precautionary approach by-default.
We believe that children should not be exposed to large amounts of advertising on their devices. Therefore, we never carry paid advertisements for anyone else.
We do not have any social media platforms on our app, so information about you or your children is never visible to anyone else.
Within our company, we have put technical and organisational security systems in place to protect your information against risks such as accidental loss, unauthorised access or use, destruction or damage.
Except for our own company group and our trusted partners – which you can see on our marketplace – and service providers, we do not allow anyone else to access your personal information, unless required to do so, for example by law.
In the context of a corporate merger or acquisition involving our company, your personal information may be shared on a strictly controlled and confidential basis.
All our partners and service providers and any potential investors are required to protect your personal data to the same extent that we do and must comply fully with all relevant laws and regulations.
Data storage and processing
Your personal information is stored and processed on our servers and those of our service providers. While your information is being transferred to our servers, it is encrypted. This helps to protect it in transit. In order to keep your personal information safe, we regularly update our rigorous cyber security programmes.
If the data that we collect from you is transferred to, and stored at, a destination outside the European Economic Area (“EEA”), we will ensure your information receives an equivalent level of protection to those under the GDPR.
For security reasons, payment card details are not held by us and are stored instead by our payment service provider.
Data retention – how long do we keep your personal information?
We do not hold your personal data for longer than necessary to fulfil the purposes for which we collected it, including to satisfy any legal, accounting or reporting requirements.
We hold your data for as long as you are an account holder. When you close your account your personal information is deleted and your user history is irrevocably anonymised. This means it is no longer possible for anyone to link your or your child’s learning profile to your personal information or to identify them.
In certain circumstances we may need to keep your personal data to comply with our legal obligations in the event of a legal dispute, that is, until the statute of limitations for the bringing a civil court claim expires. Usually six years in the UK.
What happens if someone accesses your personal information without permission?
If there is any breach of our data protection and security systems, for example by unauthorised persons or hackers, we will let you know without delay and will also notify the relevant authorities as soon as possible within the time limits set out by law.
What are your rights in relation to the personal data we hold about you?
Your personal information belongs to you, and you have many rights in relation to this information:
- You have a right to access your personal information, that is to find out exactly what personal information of yours we hold.
- You have a right to rectify your personal information, or change it. It is important that the personal data we hold about you is correct and up-to-date. Please keep us informed of any changes to your personal information.
- You have a right to request that we delete your personal information.
- You may limit how we process it.
- You may also request the transfer of your personal information to another party.
You can do all of this by sending an email to firstname.lastname@example.org. We will respond to you promptly within the time limits set out by law.
Data Protection Supervisory Authority
If you are an EU citizen or if our use of your personal data is subject to the European Union’s General Data Protection Regulation, you also have the right to lodge a complaint about how we handle your personal data with a EU data protection supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO).
Last Updated 12 February, 2019