Privacy Policy

Updated 08/27/2018

Purpose

This Privacy Policy describes how we ("TypingMaster," "us," "we," or "our") collect, use, process, and disclose your information, including personal information (the Personal Data), in conjunction with your access to and use of our Service.

The Personal Data will be processed in the purpose of administering the access rights and monitoring the progression of the End User in accordance with the Terms of Service.

Also, this Privacy Policy defines the rights and obligations related to information security and the execution of data protection between The Subscriber and the Service Provider and it is an inseparable and essential part of the Terms of Service.

1. Definitions

In the Privacy Policy, the following terms shall have the following meanings:

1.1 Service Provider. The capitalized term Service Provider refers to Typing Master Finland Oy, the developer, intellectual property rights owner, and publisher of a web-based typing tutor service, whose registered office is at Eerikinkatu 4 A 16, 00100 Helsinki, Finland.

1.2 Subscriber. The customer institution named in the registration, who has authorized acceptance of this Terms of Service and completed the registration. The Subscriber provides access to the Service to its Authorized Users, and is responsible for payment of fees and implementation of this Terms of Service.

1.3 Service. The capitalized term Service refers to the web-based typing tutor application sold under the brand names Typing Quest and TypingMaster, any updates to the application, and any related online documentation.

2. Information We Collect

We collect the following information (the Personal Data):
      - Name;
      - Username and password;
      - Data derived from the use of The Service (e.g. progression in The Service);
      - Email address (optional);
      - Organization and grouping information (optional);
      - Registration logs.

3. How We Use the Information

The Service Provider may use the personal data the Subscriber provides online to send the Subscriber information about changes that affect the use of Service or that we feel may be of interest to the Subscriber. Only the Service Provider will send the Subscriber such mailings.

The Service Provider retains server logs and files which contain detailed Authorized User access information including but not limited to date and time of access, login ID employed and statistics relating to the use of Service. This access information may be used by the Service Provider and its representatives for customer support purposes.

The Service Provider will not share email addresses with anyone outside the Service Provider or disclose the User information to any third party, except as described below.

The Service Provider shall use its best endeavors to keep confidential from third parties the Subscriber's access information, Authorized User data and usage statistics. In the case that the Service Provider assigns its rights in this Agreement to a third party, the Subscriber may at its discretion require this assignee either to keep such information confidential or to destroy them. The Service Provider will comply with the requirements of the data protection legislation currently in force (more in section 8 Confidentiality).

The Service Provider agrees that it may create, receive from or on behalf of Institution, or have access to, records or record systems that are subject to the Family Educational Rights and Privacy Act ("FERPA"), 20 U.S.C. Section 1232g (collectively, the "FERPA Records"). The Service Provider represents, warrants, and agrees that it will: (1) hold the FERPA Records in strict confidence and will not use or disclose the FERPA Records except as (a) permitted or required by this Agreement, (b) required by law, or (c) otherwise authorized by Institution in writing; (2) safeguard the FERPA Records according to commercially reasonable administrative, physical and technical standards that are no less rigorous than the standards by which the Service Provider protects its own confidential information; and (3) continually monitor its operations and take any action necessary to assure that the FERPA Records are safeguarded in accordance with the terms of this Agreement.

4. Service Provider’s Rights and Liabilities for Using an Information

Technical operability and development of The Service. The Service Provider is responsible for the technical operability, safety, validity and legality of The Service according to Privacy Policy.

The Service Provider shall take into account the principle of data protection by default and by design in the development of the Service.

The Service Provider’s access to the data. The Service Provider has a right to examine, update and otherwise process the Subscriber’s data only according to the documented instructions of the Subscriber or it’s authorized representative.

Notwithstanding the aforesaid, the Subscriber mandates the Service Provider to examine, update and correct the Subscriber’s data at it’s own initiative for the purpose of necessary technical maintenance or correction of errors according to this Privacy Policy. Such maintenance shall be conducted, when feasible, with anonymized test data.

The data protection impact assessment and prior consultation. The Service Provider shall provide reasonable assistance to the Subscriber in fulfilling its liabilities of the impact assessment concerning data protection and prior consultation taking into account the information available to the Service Provider.

The Service Provider has the right to charge for reports exceeding customary investigation or reports exceeding the informing liability described in the section 4 paragraph 5 in accordance with its current prices list.

5. The Subscriber’s Rights and Liabilities for Using an Information

Data processed in The Service. The Subscriber is responsible for the lawfulness of the processing (i.e for the correct legal basis) and that it has the right to transfer the personal data to the Service Provider. The Subscriber is responsible for the data being up-to-date, error-free and legal.

The rights of the data subject. The Subscriber is responsible for providing the data subject’s rights, answering inquiries of the data subject and the costs related thereto and acts as a primary contact for the data subjects.

The Service Provider shall forward any contacts from data subjects to the Subscriber.

Informing and auditing. On Subscriber’s request, Service Provider shall make available to the Subscriber all information necessary to demonstrate its compliance with this Privacy Policy and data protection legislation.

The Subscriber has a right to conduct an audit to the Service concerning the processing of the personal data or have it conducted by a third party. Such third party must be approved by the Service Provider. The audit shall not result in unreasonable inconvenience to the Service Provider. The Subscriber shall bear all the costs of the audit.

6. Subprocessors

The Service Provider shall have the right to use Subprocessors for data processing (the Subprocessor), change Subprocessors and make entirely new subprocessing agreements. The Service Provider may continue to use those Subprocessors already engaged by Service Provider as of the date of this Privacy Policy.

The Service Provider shall use only such Subprocessors that comply with the personal data processing legislation. The Service Provider shall ensure that the obligations of the Service Provider provided in this Privacy Policy are extended to its Subprocessors. The Service Provider shall be responsible for the processing conducted by its Subprocessors as for its own.

The Service Provider shall give the Subscriber prior written notice of appointment of any new Subprocessor. The Subscriber shall have the right to oppose any such changes for a justified reason relating to the of data protection or data security in order to ensure legal processing of personal data. In case the Subscriber opposes the use of a subprocessor proposed by the Service Provider within 30 days from the receipt of the notice, The Service Provider shall negotiate with the Subscriber in good faith in order to enable a such economically reasonable change in the provision of The Service that does not result in the use of the suggested Subprocessor. If such a change may not be carried out within 60 days after the Service Provider has received information of the Subscriber’s opposition, the Subscriber has the right with immediate effect to terminate the part of the Terms of Service that would require the use of the proposed Subprocessor.

7. Data Security and Personal Data Breaches

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Service Provider shall implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk. However, no method of transmission over the internet or electronic storage is completely secure, so the Service Provider cannot guarantee data’s absolute security.

Service Provider shall notify the Subscriber without undue delay upon Service Provider or any Subprocessor becoming aware of a personal data breach affecting Subscriber’s personal data.

Service Provider shall commit to co-operating with Subscriber and taking reasonable commercial steps to assist in remedying the consequences of each such personal data breach by accessible conventional means taking into account the information available to the Service Provider. The Service Provider commit to assist the Subscriber in fulfilling its legal notification and documentation obligations.

8. Confidentiality

The Service Provider considers the confidentiality and security of your information to be of the utmost importance.

The Service Provider commits to keeping confidential such personal and other data of the Subscriber that is in the Service or that has been processed on the grounds of the Service.

Only those employees of the Subscriber to whom it is necessary for purposes of their tasks may have access to The Service and the data of the Subscriber.

The Service Provider does not have a right to assign the Subscriber’s data to any third party or use it to it’s own purposes without a permission from the Subscriber.

The Service Provider has the right to assign the data in the Service to a third party in case obligated by a law, statute or authorities.

The Service Provider shall ensure that its personnel commit to the level of confidentiality agreed in this Privacy Policy.

9. Deleting and Returning Personal Data

At the termination of the Service, The Service Provider shall seize personal data processing and accordingly to the Subscriber’s choice either:
      1) shall delete otherwise than from the backup files the personal data processed on behalf of the Subscriber, or
      2) shall return all the personal data processed on behalf of the Subscriber to the Subscriber and shall delete the files otherwise than from the backup files.

Service Provider after the Subscriber’s request in writing has the right to switch on automatic inactive user data deletion process. An inactive user under this section means the user that has not been logged in to the Service during last 6 months or as otherwise instructed by the Subscriber.

By an explicit request of the Subscriber the Service Provider may at Subscriber’s expense delete and erase also Subscriber’s personal and other data in the Service Provider’s backup file database at the termination of the agreement.

10. Data Transfers

TypingMaster has its servers in the United States and EU. The United States Authorised Users data will be respectively collected and processed in the United States while EU Authorised Users data is collected and processed in Finland. The United States and Finland countries have their own laws governing data protection and government access to information. The rules that protect your personal information under United States or Finland countries laws may be different than in your home country. If you choose to use the Services, you need to agree to our Terms of Service and referenced policies, which set out the contract between TypingMaster and its users.

11. Detailed Instructions for Processing the Client’s Personal Data

This Privacy Policy constitutes all the documented instructions given by The Subscriber to The Service Provider unless otherwise agreed upon. The Service Provider is liable for the lawfulness and correctness of the personal data processing instructions. The Service Provider shall without undue delay notify the Subscriber if it notices that the instructions given by the Service Provider breach the personal data protection law legislation. The Subscriber is to the full extent liable for the damages caused to the Service Provider by the unlawful instructions.

These instructions may be altered and complemented by other documented instructions from the Subscriber. The Service Provider shall not comply with any unlawful personal data processing instructions nor instructions on personal data processing given otherwise that in writing by the Subscriber.

The Subscriber may orally instruct the Service Provider on the personal data processing and thus the Service Provider may take actions accordingly provided that the Subscriber will also give the instruction in writing to the Service Provider within 7 days from giving the original instruction. The Subscriber is to the full extent liable for personal data processing in such manner. In case the Subscriber neglects the documentation of the instruction within the time limit the Service Provider has the right to quit personal data processing according to any other than a written instruction.

12. Children’s Privacy

People under 18 (or the legal age in your jurisdiction) are not permitted to use TypingMaster Services on their own. The Service Provider does not knowingly collect any Personal Data from children under the age of 13 and children under 13 are not permitted to register for an account or use our Services. If you believe that a child has provided us with Personal Data, please contact us. If the Service Provider become aware that a child under age 13 has provided us with the Personal Data, we’ll delete it.

The Service Provider does not knowingly process data of EU residents under the age of 16 without parental consent. If the Service Provider becomes aware that the data from an EU resident under the age of 16 without parental consent was collected, the Service Provider will take reasonable steps to delete it as quickly as possible. The Service Provider also comply with other age restrictions and requirements in accordance with applicable local laws.

13. Changing our Privacy Policy

The Service Provider has the right to change these terms in case it is justifiable because of the changes in legislation or its interpretation or changes in the Service Provider’s business environment.