String Learning ApS
Horsensgade 2, 4. tv.
Company registration number: 35673539
1.2 The Policy is prepared and made available to comply with the general data protection regulation (2016/679 of 27 April 2016) (the ”GDPR”) and the rules included herein on information to be provided to you.
2. String Learning is a data processor
2.1 To provide the online products and services, including tests, to our users on the website, we have entered into agreements with sponsors who are sponsoring the tests. We act as a data processor for these sponsors who are data controllers for the processing of your personal data in connection with taking a test.
3. Collecting personal data with cookies
3.1 By visiting and using our website, cookies are collected and used on the basis of consent. Information in these cookies include browser type, IP address, location at login, preference cookies and performance or analytics cookies (hereinafter "Cookiedata"). We also use “functionality” cookies, which allow our website to remember your choices or preferences, such as information on online forms or previous orders. These cookies allow us to offer you a personalized experience while using the website. They are not used to track your browsing activity on other websites.
3.4 If you wish to limit or decline the cookies placed on your computer when visiting our website, you can do so at any time by changing your browser settings. However, you should be aware that if you decline or reject cookies it will impact the functionality of the website which means that there are features on the website that you will not be able to see. Any browser allows that you delete cookies collectively or individually. How this is done depends on the used browser. Remember to delete the cookies in all browsers if you use several different browsers.
3.5 We also collect aggregate or non-identifiable information to track data such as the total number of visits to our website, the number of visitors to each page of our website, or how visitors found the website. We use this information to understand how our visitors use our website for improvement purposes. We may also share this information with our affiliates, our partners, or other third-party companies. No personally identifiable information is collected, stored, or disclosed in this process.
4. Types of personal data processed
4.1 We process personal data about you when this is necessary and in accordance with the applicable legislation. Depending on the specific circumstances, the processed personal data include the following types of personal data: name, title, organization, address, email address and other varying personal data which you have submitted voluntarily on the website.
4.2 We do not collect sensitive personal data about you. If you provide sensitive personal data, for example about health, sexuality or trade union membership, this information will only be stored by us and not actively processed. As far as possible, we ask you not to provide sensitive personal data about you in a comment or other blog features.
4.3 We collect your personal data from you and, where applicable, from external sources. For example, we collect token information from Facebook or Twitter if you choose to login on the website via your profile on Facebook or Twitter.
4.4 If we need to collect more personal data than what is specified above, we will inform about this. Such information may be provided by our updating of this Policy.
5. Purposes for processing the personal data
5.1 We only process your personal data for legitimate purposes in accordance with the GDPR.
5.2 Depending on the circumstances, the personal data is processed for the following purposes:
(i) To deliver our online platform and our services to you.
(ii) To comply with our obligations as a data processor to our data controllers
(iii) For you to create a login on the website and maintain your account.
(iv) To respond to your inquiries
(v) To process your transactions
(vi) To improve our products, services and website.
6. Legal basis for processing personal data
6.1 We only process your personal data when we have a legal basis to do so in accordance with the GDPR. Depending on the specific circumstances, the processing of personal data is done on the following legal basis:
(i) If we have asked for a consent for the processing of specific personal data, the legal basis for such personal data is a consent, cf. article 6(1)(a) of the GDPR, as the consent can always be withdrawn by contacting us via the contact details provided at the end of this Policy, and, if the consent is withdrawn, the personal data processed on the basis of consent is deleted, unless it can or must be processed, for example, in order to comply with legal obligations.
(ii) The processing is necessary for the performance of a contract to which the data subject is party, cf. the GDPR, article 6(1)(b), the first indent.
(iii) The processing is necessary for the purposes of the legitimate interests where such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, cf. the GDPR, article 6(1)(f).
7. Disclosure and transfer of personal data
7.1 We only pass on personal data to others when the law allows it or requires it, including when relevant and asked to do so by you or a data controller.
7.3 Where the external parties are data processors, the processing is always performed on the basis of a data processor agreement in accordance with the requirements hereto under GDPR.
7.4 We disclose personal data in the following situations:
(i) To our data processors to perform services on ours and the data controllers’ behalf and whose processing is subject to a data processing agreement.
(ii) To our data controllers in accordance with the concluded data processing agreement.
(iii) To our business partners who may jointly develop and offer products with String Learning ApS.
(iv) In conjunction with a sale or similar transfer of a business.
(v) When it is required by law or for other legal purposes.
(vi) If you use our online products or services, we may share your personal data and other information collected in the course of providing you with our online products and services with instructors and administrators of your educational institution.
7.5 You are welcome to contact us for more information about our disclosure of personal data, including questions about our use of data processors.
8. Erasure and retention of personal data
8.1 For the data we process as data controllers, we have created the possibility for you as a user to erase your own data by logging into the website and erase your profile.
8.2 If you have used your token information from your Twitter or Facebook user profile to log in on the website, you can remove this login to String Learning through your user settings on Twitter or Facebook.
8.3 For the data we process as data processors, we erase your data in accordance with the concluded data processing agreement with the data controllers.
8.4 If you have any questions regarding our storage and processing of personal data, you are welcome to contact us at the e-mail address which are provided at the bottom of this Policy.
9. Data subject rights
9.1 Data subjects have a number of rights that we can assist with. If a data subject wants to make use of his or her rights, he or she can contact us. The rights include the following:
9.1.1 The right of access: Data subjects have a right to ask for copies of the information that we process about them, including relevant additional information.
9.1.2 The right to rectification: Data subjects have a right to ask for rectification of inaccurate personal data concerning him or her.
9.1.3 The right to erasure: In certain circumstances data subjects have a right to obtain the erasure of personal data concerning him or her before the time when erasure would normally occur.
9.1.4 The right to restrict processing: Data subjects have, in certain situations, a right to have the processing of his or her personal data restricted. If a data subject has the right to have the processing of his or her personal data restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest in the European Union or of a European member state.
9.1.5 The right to object: Data subjects have, in certain situations, a right to object to the legal processing of his or her personal data. Objection can also be to the processing of personal data for the purpose of direct marketing.
9.1.6 The right to data portability: Data subjects have, in certain situations, a right to receive his or her personal data in a structured, commonly used and machine-readable format and have the right to transmit those data to another data controller without hindrance from the data controller to which the personal data has been provided.
9.2 More information about data subject rights can be found in the guidelines of the national data protection authorities. If a data subject wishes to make use of his or her rights as described above, the data subject is asked to use the contact details provided at the end of this Policy.
9.3 We strive to do everything to meet wishes regarding our processing of personal data and the rights of data subjects. If you or others despite our endeavors wish to file a complaint, this can be done by contacting the national data protection authorities.
10. Changes to this Policy
10.1 We reserve the right to update and amend this Policy. If we do, we correct the date and the version at the bottom of this Policy. In case of significant changes, we will provide notification in the form of a visible notice, for example on our website or by direct message.
11.1 If you have questions or comments to this Policy or if you would like to invoke one or more data subject rights, please contact us at firstname.lastname@example.org.
This is version 1, last updated 03.08.2020.